Skip to main content

sql_adjacent_string_concat

Function sql_adjacent_string_concat 

Source
pub fn sql_adjacent_string_concat(payload: &str) -> String
Expand description

SQL adjacent-string-literal concatenation — every 'string' literal of length ≥ 2 is rewritten as a sequence of single-character adjacent literals: 'admin''a' 'd' 'm' 'i' 'n'.

Bypass mechanism: SQL standard (ANSI SQL-92 §5.3) specifies that two adjacent character-string literals separated only by whitespace are concatenated by the parser. MySQL, Postgres, SQLite, Oracle, DB2 all implement this. WAF rules that match the literal substring of well-known credentials or paths (e.g. 'admin', '/etc/passwd') see N unrelated single-character strings instead of one token. The database rejoins them at parse time — no comments, no CONCAT calls, no special functions. Pure SQL semantics.

Idempotent: every output sub-literal has length 1, below the split threshold — a second pass leaves the output unchanged.

Context: Effective against any byte-pattern WAF inspecting SQL bodies. Inert outside SQL context (won’t fire on non-quoted payloads).